SoylentNews is people
SoylentNews
from the when-does-a-video-stream-become-a-river? dept.
Ars Technica reports that Netflix is about to encrypt all its video streams with HTTPS. The feature will be rolled out in the coming year. This comes after one failed attempt six months ago.
Netflix's entry into the HTTPS party comes as privacy and security advocates are calling on all websites to encrypt all their traffic. The rationale behind the request is that continuous and complete HTTPS protection thwarts state-sponsored attacks that countries like the US and China launch from the Internet backbone. Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic. In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.
According to El Reg, this change will increase costs considerably for Netflix:
Netflix has battled with the overheads HTTPS incurs; Watson estimated a capacity hit between 30 to 53 percent thanks to encryption computational overheads and a lack of optimisations to avoid data copies to and from user space.
Such a hit would cost Netflix potentially hundreds of millions of dollars a year.
Tweaks could cut that overhead by a third while speculative advancements in the next several years could crush it by up to 80 percent.
Do we really need encrypted video streams?
(Score: 4, Interesting) by tynin on Sunday April 19 2015, @03:05PM
I suspect it is because it will be encrypted, it won't be cacheable in any meaningful sense. All the work that the cache would have saved handling tons of concurrent users doing largely similar actions is likely right in that 30 to 53 percent number.
(Score: 2) by frojack on Sunday April 19 2015, @10:51PM
But Netflix has their own servers parked on the head end controllers of most big ISPs, don't they?
If So caching has already been pushed far down the tree.
And given that, they have a lot more engines doing the stream encryption very close to the customer.
Also, a question: Is AES efficient at encrypting long running streaming video? I was under the impression there were other ciphers that were better for that.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by tempest on Monday April 20 2015, @02:23PM
In TLS1.2 we're basically down to Camellia and AES (forgetting Ghost and Koren oddballs). Chacha20 would probably be the best option considering the range of devices connecting (Roku/PS3/phones/TV embedded/etc) which don't have AES acceleration, but is still in the process of being adapted. I think they'll be using special hardware for acceleration regardless.
(Score: 3, Informative) by frojack on Monday April 20 2015, @09:49PM
That fits with what I was remembering.
You might start with AES-128 or something for session initiation, but once you start a data stream you quickly switch to some more efficient cipher to handle the speed.
No, you are mistaken. I've always had this sig.